January 2017

Jan 24, 2017

Our guest interview is with Jack Goldsmith, Shattuck Professor of Law at Harvard and co-founder of Lawfare. We explore his contrarian view of how to deal with Russian hacking, which leads to me praising (or defaming, take your pick) him as a Herman Kahn for cyberconflict. Except what’s unthinkable in this case are his ideas for negotiating, not fighting, with the Russians.

In the news roundup, I ask Michael Vatis whether the wheels are coming off the FTC’s business model, as yet another company refuses to succumb to the commission’s genteel extortion.

The Obama Administration came to an end last week, and its officials left behind a lot of paper to remind us why we’ll miss them — and why we won’t. A basically sympathetic review of the administration’s cyber policies ends with a harsh judgment on President Obama: “He did almost everything right and it still turned out wrong.”

And just to make sure we haven’t forgotten the new team’s rather different approach, it posted a policy statement on how good its cyber policy will be. It reads, in its entirety, “Cyberwarfare is an emerging battlefield, and we must take every measure to safeguard our national security secrets and systems. We will make it a priority to develop defensive and offensive cyber capabilities at our U.S. Cyber Command, and recruit the best and brightest Americans to serve in this crucial area.”

And, in a first for the Steptoe Cyberlaw Podcast, Alan Cohn reports as our roving foreign correspondent from -- where else? -- Davos. Want to know what the global 1% are worried about – other than you? Alan has the answers.

Jan 17, 2017

Would it violate the Posse Comitatus Act to give DOD a bigger role in cybersecurity? In episode 146, Michael Vatis and I call BS on the idea, which I ascribe to Trump Derangement Syndrome and Michael more charitably ascribes to a DOD-DHS turf fight.

Should the FDA allow hospitals to implant defibrillators with known security flaws in unknowing patients? I argue that that’s the question raised by the latest security flaw announcement from the FDA, DHS, and St. Jude Medical (now Abbot Labs).

Repealing the FCC’s internet privacy regulations is well within Congress’s power if it acts soon, says Stephanie Roy, who stresses how rare it is for Republicans to hold the presidency and both houses of Congress. (And who says President Obama didn’t leave a legacy?)

And for something truly new, we offer “call-in corrections,” as Nebraska law professor Gus Hurwitz tells us about the one time the FTC discussed the NIST Cyber Security Framework. It’s safe to say that this correction won’t leave the FTC any happier than my original charge that the agency can’t get past “Hey! I was here first!”

Jan 04, 2017

We start 2017 the way we ended 2016, mocking the left/lib bias of stories about intercept law. Remember the European Court of Justice decision that undermined the UK’s new Investigatory Powers Act and struck down bulk data retention laws around Europe? Yeah, well, not so much. Maury Shenk walks us through the decision and explains that it allows bulk data retention to continue for "serious" crime, which is really the heart of the matter.

We can’t, of course, resist an analysis of the whole Russian election interference sanctions brouhaha. The FBI/DHS report on Russian indicators in the DNC hack is taking on water, and its ambiguities have not been helped by a Washington Post article on alleged Russian intrusion into Vermont Yankee’s network. That story had to be walked way back, from an implicit attack on the electric grid to an apparently opportunistic infection of one company laptop. No one is surprised that there’s an increasingly partisan split over who’s going to answer the phone now that the 1980s really have called to get their foreign policy back.

Meredith also updates us on the Wassenaar effort to control exports of “intrusion software” – which some European governments seem to want to regulate in a way that does maximum damage to cybersecurity. The overreaching was blunted in a recent Wassenaar meeting, but not nearly as much as the US government – and industry – had hoped. The issue won’t go away, but it will soon become an appropriate job for the author of “The Art of the Deal.”

Finally, Jennifer Quinn-Barabanov takes us on a tour of the dirtier back streets of privacy class action practice – otherwise known as cy pres awards and their challengers. It sounds like “genteel corruption” to me, but you be the judge.